• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: mDNS Packet storm help
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mDNS Packet storm help

  • Subject: Re: mDNS Packet storm help
  • From: Eric Dahlman <email@hidden>
  • Date: Mon, 3 Oct 2005 14:32:01 -0500
Josh,

Thanks for pointing that out. I think that we might have identified a Linksys box that was the culprit. We flashed it with the newest firmware and now I cannot trigger the packet storms any more (I was not able to trigger them 100% on command in past so I am not totally convinced.)

I cannot see how this would be related to my other "bad DNS" problem, but hey it is always good to fix something.

Thanks!
-Eric


On Oct 3, 2005, at 12:37 PM, Josh Graessley wrote:


Something strange is happening on your network or machine. I talked briefly with Marc Krochmal. It sounds like the IP IDs are all the same. For each IP packet the stack sends, it picks a new IP ID. The stack is not generating these packets.

You might check to see if you have any third party kernel extensions installed.

-josh

On Sep 30, 2005, at 9:36 AM, Marc Krochmal wrote:



On Sep 30, 2005, at 6:50 AM, Eric Dahlman wrote:



Howdy,

I have sent the trace in a separate message. Just some extra information here. At present mDNSresponder is taking up about 50% of my CPU and is about 864 K in size. When I went home last night my powerbook did not show any of this traffic and when I came in to the office it also did not. I noticed it after about half an hour and switching users, sorry I cannot say exactly when it started or if fast user switching was a contributing factor.

I also started a packet trace with Ethereal to watch http traffic during this time but alas it got too big to be manageable. I will describe those problems in my next installment as I think they have a different cause but still may be related ;-)



The reason that mDNSResponder is using 50% CPU is not because it's sending these packets, it's because mDNSResponder is receiving and processing all these packets. Given you're having this problem and the "Slashdot" problem, I think this is happening somewhere in the kernel or in your Ethernet hardware. In the packet trace, every mDNS packet has the same IP identifier, meaning that this is the exact same packet being sent by the kernel over and over. Hopefully someone else on the list can provide more information about how to debug this.

-Marc 


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >Re: mDNS Packet storm help (From: Josh Graessley <email@hidden>)






    

  • Prev by Date:
Re: mDNS Packet storm help

    • 

  • Next by Date:
Re: What exactly is net.inet.tcp.sockthreshold?

    • 

  • Previous by thread:
Re: mDNS Packet storm help

    • 

  • Next by thread:
Can't get BSD bind() to work.

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •